Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• Indictments
against 44 people and 9 companies were unsealed November 10 detailing an
alleged scheme to steal and resell approximately $34 million worth of oil that
was never delivered to various businesses in New York. – New York Times

2. November
10, New York Times – (New York) Prosecutors allege persistent heating oil fraud in
New York City. The Manhattan district attorney’s office unsealed
indictments November 10 against 44 people and 9 companies for allegedly
stealing and reselling approximately $34 million worth of oil that was never
delivered to homeless shelters, hospitals, courthouses, police stations, and
prison buildings on Rikers Island. The investigation uncovered 48 seized trucks
that were rigged to deprive customers of their fuel, among several other
fraudulent activities. Source: http://www.nytimes.com/2015/11/11/nyregion/11-indictments-detail-widespread-fraud-in-heating-oil-industry-of-new-york-city.html

• Volkswagen
announced November 10 that production of diesel-powered 2016 Passat TDI sedans
was temporarily stopped at its Chattanooga, Tennessee plant. – Chattanooga
Times Free Press

12. November
12, Associated Press – (Oregon; Washington) Chipotle reopening all Northwest
locations after E. coli outbreak. Chipotle Mexican Grill, Inc., re-opened
43 restaurants in Oregon and Washington November 12 after they underwent
thorough cleaning, and the company adopted some new protocols for washing fresh
produce following an E. coli outbreak that sickened nearly 45 people. The cause
of the outbreak remains under investigation and Chipotle announced that it did
not find any food contaminated by E. coli following testing. Source: http://registerguard.com/rg/business/33707286-63/chipotle-reopening-all-northwest-locations-after-e.-coli-outbreak.csp

• A grand jury in
Waco, Texas, indicted 106 out of 177 bikers November 10 who were arrested for
engaging in organized criminal activity following a May 17 shootout that killed
9 people and injured 20 others. – Associated Press

25. November
11, Associated Press – (Texas) Grand jury indicts 106 bikers in Waco shootout with
police. A grand jury in Waco, Texas, indicted 106 out of 177 bikers
November 10 who were arrested for engaging in organized criminal activity
following a May 17 shootout with police at the Twin Peaks restaurant that
killed 9 people and injured 20 others after the Bandidos and the Cossacks
motorcycle clubs had an alleged confrontation. Source: http://www.foxnews.com/us/2015/11/11/grand-jury-indicts-106-bikers-in-waco-shootout-with-police/

Financial Services Sector

5. November
12, Securityweek – (International) “Cherry Picker” PoS malware cleans up after
itself. Researchers from Trustwave discovered that a point-of-sale (PoS)
malware dubbed “Cherry Picker” relies on a new memory scraping algorithm using
a file infector for persistence that removes all traces of the infection from
the system with updated versions of sr.exe and srf.exe, which has been used to
install the malware and inject a data definition language (DLL) into processes.
The latest version of the malware relies on an application programming
interface (API) called “QueryWorkingSet” to scrape the memory and harvest the
data. Source: http://www.securityweek.com/cherry-picker-pos-malware-cleans-after-itself

Information Technology Sector

18. November
12, Securityweek – (International) Microsoft reissues security update due to
Outlook crash. Microsoft reissued a security patch updating its KB3097877
software on Windows 7 and some versions of its KB3105213 update on Windows 10
after customer complaints revealed that the software update had an issue with
its Outlook 2010 and 2013 versions which caused crashes for consumers viewing
HyperText Markup Language (HTML) emails. Source: http://www.securityweek.com/microsoft-reissues-security-update-due-outlook-crash

19. November
11, Securityweek – (International) Attackers abuse security products to install
“Bookworm” trojan. Researchers from Palo Alto Networks discovered a new
trojan dubbed “Bookworm” which captures keystrokes and steals the content of a
clipboard, as well as load additional modules from its command and control
(C&C) server to expand its abilities by using a Smart Installer Maker tool
to disguise the malware as a self-extracting RAR archive, or a Flash
slideshow/installer, to write a executable data definition language (DDL) file
named “Loader.ddl,” and a file named “readme.txt,” to the victims’ system. Source:
http://www.securityweek.com/attackers-abuse-security-products-install-bookworm-trojan

20. November
10, Softpedia – (International) Here’s the list of all security bugs that
Adobe fixed in Flash 19.0.0.245. Adobe released patches for 17 critical
bugs in its Flash Player 19.0.0.245 for Windows and Apple Mac, Flash Player
11.2.202.548 for Linux systems, as well as Adobe AIR that patched
vulnerabilities including a type confusion flaw, and a security bypass
vulnerability that allows attackers to write data to the target’s file system
with the user’s permission. Source: http://news.softpedia.com/news/here-s-the-list-of-all-security-bugs-that-adobe-fixed-in-flash-19-0-0-245-495990.shtml

For another story, see item 5 above in the Financial Services Sector

Communications Sector

21. November
11, Alpine Avalanche – (Texas) Telephone service disrupted. AT&T customers
located in 6 counties across southwest Texas experienced landline and some
cellphone and Internet outages for about 8 hours November 10 due to a line
break.

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"